The General Court, one of the highest courts in the European Union (EU), has fined the European Commission for breaching its own data privacy rules. The Commission will have to pay 400 euros for failing to adequately protect a German citizen’s personal data when registering for the conference.
European institutions fine each other
The case began when a German citizen registered for a conference on the European Commission’s website using the “Login with Facebook” option. The court found that during this login process, the citizen’s IP address and browser information was sent to Facebook’s parent company Meta, in the US.
The EU’s General Data Protection Regulation (GDPR) requires strict measures to protect individuals’ privacy when personal data is transferred outside Europe. However, the court found that the European Commission failed to prove that it had taken the necessary security measures when sending this data to the US. This was considered a serious breach of the GDPR.
While the €400 fine may seem small compared to the multi-million euro fines imposed on tech giants, it is the first time the EU has subjected its own institutions to data protection laws.
{{user}} {{datetime}}
{{text}}